英文:
Azure WebApp unable to connect to Storage Account and restarts every 5min when VNet is enabled
问题
我有一个新的、简单的Spring Boot应用程序,它有一个单一的REST端点,想要将数据存储在Azure表存储中。当从我的开发机器上的Spring Boot应用程序运行时,一切正常,存储帐户连接字符串用于身份验证。(这台开发机器也在Azure中托管在虚拟机中。)
然而,当该应用程序部署到Web应用程序时,出现了多个问题:
- 无法访问存储帐户,部署的Web应用程序服务在使用用户托管标识时会收到一个带有403错误的“com.azure.data.tables.models.TableServiceException”,错误消息为“This request is not authorized to perform this operation”;或者在尝试使用与IDE相同的连接字符串时,会收到“java.net.UnknownHostException”错误。
- 每当为Web应用程序启用VNet集成时:
- 应用程序似乎每5分钟重启一次。
- 使用AZ CLI或Maven插件的手动部署方法会超时。
Azure基础设施的一些属性:
- Azure Web应用程序
- Java 11运行时
- 用于应用服务计划的Linux操作系统
- 始终保持开启状态
- ARR亲和性:关闭
- 禁用健康检查
- 虚拟网络
- 在Web应用程序和存储帐户端点上都进行了配置
- 用户托管标识(UAMI)
- 分配给Web应用程序
- 为相关的存储帐户分配了Storage Table Data Contributor角色
我无法查找到有用的错误日志,指示根本原因。在应用服务诊断中(诊断和解决问题视图)我找到了一个奇怪的事件类型,位于“Web应用程序重新启动”诊断下:NetmanMarkedUnhealthy,这个词在谷歌中实际上没有任何结果。
已使用的依赖项:
- com.azure:azure-identity:1:4.3
- com.azure:azure-data-tables:12.3.11
有什么想法可能导致这些问题?
英文:
I have a new, simple Spring Boot application with a single REST endpoint that wants to store data in Azure Table Storage. When talking to the storage account from my dev machine, running the Spring Boot app in my IDE, everything works, the storage account connection string is used for auth.
(This dev machine is also running in a VM, hosted in Azure.)
However, when the app is deployed to the Web App, I have multiple issues:
- The storage account can not be reached, the deployed webapp service receives either a
com.azure.data.tables.models.TableServiceException
with 403 "This request is not authorized to perform this operation" if I use USer Managed Identitiy, ORjava.net.UnknownHostException
when trying to use the same connection string as from the IDE. - Whenever VNet integration is turned on for the Web App:
- The app seems to restart every 5 minutes
- Manual deployment methods with AZ CLI or the maven plugin are timing out
Some properties of the azure infra:
- Azure Web App
- Java 11 runtime
- Linux OS for the App Service Plan
- Always On turned on
- ARR affinity: off
- Health check disabled
- VirtualNet
- Configured on both the Web App and Storage Account ends in the networking
- UAMI
- assigned to the Web App
- has Storage Table Data Contibutor role assigned to it for the storage account in question
I was unable to dig for useful error logs, that would hint for the root causes. In the App Service Diagnostics (Diagnose and Solve Problems blade) I did find this weird event type under "Web App restarted" diagnostic: NetmanMarkedUnhealthy, which literally yields 0 google results.
Used dependencies:
- com.azure:azure-identity:1:4.3
- com.azure:azure-data-tables:12.3.11
Any idea what could cause these issues?
答案1
得分: 1
NetmanMarkedUnhealthy可能是导致您的Web应用程序每5分钟重启的原因。此错误,Network Manager for Linux Unhealthy事件与由Network Manager (netman)服务监视的网络接口的健康状态有关。
假设您已启用服务端点,为了减轻此问题,需要进一步调查。请发送电子邮件至AzCommunity[at]microsoft[dot]com,ATTN: Ryan,并附上此帖子的链接、您的应用服务名称和订阅ID。
**编辑 2023年6月13日:**尝试将您的应用服务计划进行上下缩放,以查看是否可以减轻您收到的NetmanMarkedUnhealthy消息。
英文:
The NetmanMarkedUnhealthy could be what's causing your web app to restart every 5 minutes. This error, Network Manager for Linux Unhealthy event is related to health of the network interface as monitored by the Network Manager (netman) service.
Assuming you have service endpoints enabled, this issue will require further investigation in order to mitigate. Please send us an email to AzCommunity[at]microsoft[dot]com ATTN: Ryan enclosed with a link to this post, your app service name, and subscription id.
EDIT 2023 June 13: Try scaling you app service plan up/down to see if that mitigates the NetmanMarkedUnhealthy message you're getting.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论